```html
<!DOCTYPE html>
<html lang="zh-CN">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Tomcat Security Configuration Guide | 技术小馆</title>
    <link rel="stylesheet" href="https://cdn.staticfile.org/font-awesome/6.4.0/css/all.min.css">
    <link rel="stylesheet" href="https://cdn.staticfile.org/tailwindcss/2.2.19/tailwind.min.css">
    <link href="https://fonts.googleapis.com/css2?family=Noto+Serif+SC:wght@400;500;600;700&family=Noto+Sans+SC:wght@300;400;500;700&display=swap" rel="stylesheet">
    <style>
        body {
            font-family: 'Noto Sans SC', Tahoma, Arial, Roboto, "Droid Sans", "Helvetica Neue", "Droid Sans Fallback", "Heiti SC", "Hiragino Sans GB", Simsun, sans-serif;
            line-height: 1.8;
            color: #333;
        }
        .hero-gradient {
            background: linear-gradient(135deg, #1e3a8a 0%, #2563eb 50%, #3b82f6 100%);
        }
        .card-hover {
            transition: transform 0.3s ease, box-shadow 0.3s ease;
        }
        .card-hover:hover {
            transform: translateY(-5px);
            box-shadow: 0 20px 25px -5px rgba(0, 0, 0, 0.1), 0 10px 10px -5px rgba(0, 0, 0, 0.04);
        }
        .code-block {
            font-family: 'Courier New', Courier, monospace;
            background-color: #f8fafc;
            border-left: 4px solid #3b82f6;
            padding: 1.5rem;
            margin: 1.5rem 0;
            border-radius: 0 0.375rem 0.375rem 0;
            overflow-x: auto;
        }
        .drop-cap:first-letter {
            float: left;
            font-size: 4rem;
            line-height: 0.8;
            margin: 0.1em 0.2em 0 0;
            color: #2563eb;
            font-weight: bold;
        }
    </style>
</head>
<body class="bg-gray-50">
    <!-- Hero Section -->
    <section class="hero-gradient text-white py-20 md:py-32 px-6">
        <div class="max-w-4xl mx-auto text-center">
            <h1 class="text-4xl md:text-5xl font-bold mb-6 font-serif">
                The Complete Guide to Tomcat Security Configuration
            </h1>
            <p class="text-xl md:text-2xl mb-8 opacity-90">
                Professional practices for protecting your web applications from threats
            </p>
            <div class="flex justify-center space-x-4">
                <span class="px-4 py-2 bg-white bg-opacity-20 rounded-full text-sm font-medium">Server Security</span>
                <span class="px-4 py-2 bg-white bg-opacity-20 rounded-full text-sm font-medium">Web Protection</span>
                <span class="px-4 py-2 bg-white bg-opacity-20 rounded-full text-sm font-medium">Best Practices</span>
            </div>
        </div>
    </section>

    <!-- Main Content -->
    <main class="max-w-5xl mx-auto px-6 py-12">
        <!-- Introduction -->
        <section class="mb-16">
            <p class="text-lg text-gray-700 mb-6 drop-cap">
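                Securing Tomcat's configuration is a key step in keeping web applications and servers safe. As a widely used Java Servlet container, Tomcat can face a range of security threats, such as unauthorized access, data leakage and denial-of-service attacks. This article covers how to harden a Tomcat server, from basic configuration to advanced protection.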
            </p>
            <div class="bg-blue-50 border-l-4 border-blue-500 p-4 mb-8">
                <div class="flex">
                    <div class="flex-shrink-0">
                        <i class="fas fa-shield-alt text-blue-500 mt-1"></i>
                    </div>
                    <div class="ml-3">
                        <h3 class="text-sm font-medium text-blue-800">Security Tip</h3>
                        <div class="mt-2 text-sm text-blue-700">
                            <p>Securing Tomcat is an ongoing process; audit and update your security measures regularly.</p>
                        </div>
                    </div>
                </div>
            </div>
        </section>

        <!-- Security Mind Map -->
        <section class="mb-16 bg-white rounded-xl shadow-md overflow-hidden">
            <div class="p-6 border-b border-gray-200">
                <h2 class="text-2xl font-bold text-gray-800 font-serif">Tomcat Security Overview Map</h2>
                <p class="text-gray-600 mt-2">Key security areas and how they relate to each other</p>
            </div>
            <div class="p-6" id="mermaid-diagram">
                <div class="mermaid">
                    mindmap
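                        root((Tomcat Security))
                            Basic configuration
                                Change default port
                                Disable management apps
                                Strong password policy
                            Web application protection
                                Enforce HTTPS
                                Security headers
                                Authentication
                                Authorization
                            Vulnerability protection
                                SQL injection
                                XSS attacks
                                CSRF protection
                                Clickjacking
                            Monitoring and auditing
                                Access logs
                                Exception monitoring
                            Maintenance and updates
                                Version upgrades
                                Regular testing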
                </div>
            </div>
        </section>

        <!-- Section 1 -->
        <section class="mb-16">
            <div class="flex items-center mb-8">
                <div class="flex-shrink-0 bg-blue-500 rounded-md p-3 text-white">
                    <i class="fas fa-lock-open text-xl"></i>
                </div>
                <div class="ml-4">
                    <h2 class="text-3xl font-bold text-gray-800 font-serif">1. Security Configuration Basics</h2>
                    <p class="text-gray-600">Establishing a security baseline for Tomcat</p>
                </div>
            </div>

            <div class="grid md:grid-cols-2 gap-8">
                <div class="bg-white rounded-xl shadow-md p-6 card-hover">
                    <h3 class="text-xl font-bold mb-4 text-gray-800 flex items-center">
                        <span class="w-8 h-8 bg-blue-100 text-blue-600 rounded-full flex items-center justify-center mr-3">1</span>
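                        Change the Default Settings
                    </h3>
                    <p class="text-gray-700 mb-4">Default configurations are usually the first thing attackers target; changing these settings can greatly reduce risk.</p>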
                    
                    <h4 class="font-semibold text-gray-800 mb-2 mt-4 flex items-center">
                        <i class="fas fa-exchange-alt text-blue-500 mr-2"></i>
                        Change the Default Port
                    </h4>
                    <div class="code-block">
                        &lt;Connector port="8180" protocol="HTTP/1.1" ... /&gt;
                    </div>
                    <p class="text-gray-600 text-sm">By default, Tomcat uses port 8080. The port can be changed by editing the <code class="bg-gray-100 px-1 py-0.5 rounded">Connector</code> element in <code class="bg-gray-100 px-1 py-0.5 rounded">conf/server.xml</code>, to reduce the risk of being attacked.</p>
                    
                    <h4 class="font-semibold text-gray-800 mb-2 mt-4 flex items-center">
                        <i class="fas fa-ban text-red-500 mr-2"></i>
                        Disable the Manager and Host Manager Applications
                    </h4>
                    <div class="code-block">
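                        &lt;!-- These contexts expose the two management applications. If they are not needed, remove the<br>
                        &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;definitions and the webapps/manager and webapps/host-manager directories. --&gt;<br>
                        &lt;Context path="/manager" docBase="${catalina.home}/webapps/manager" privileged="true" /&gt;<br>
                        &lt;Context path="/host-manager" docBase="${catalina.home}/webapps/host-manager" privileged="true" /&gt;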
                    </div>
                    <p class="text-gray-600 text-sm">Tomcat installs the Manager console and the Host Manager application by default. These applications can be disabled by editing the <code class="bg-gray-100 px-1 py-0.5 rounded">conf/tomcat-users.xml</code> file.</p>
                </div>

                <div class="bg-white rounded-xl shadow-md p-6 card-hover">
                    <h3 class="text-xl font-bold mb-4 text-gray-800 flex items-center">
                        <span class="w-8 h-8 bg-blue-100 text-blue-600 rounded-full flex items-center justify-center mr-3">2</span>
                        Configure Security Parameters
                    </h3>
                    <p class="text-gray-700 mb-4">Sensible parameter settings are the first line of defense.</p>
                    
                    <h4 class="font-semibold text-gray-800 mb-2 mt-4 flex items-center">
                        <i class="fas fa-key text-yellow-500 mr-2"></i>
                        Configure a Strong Password Policy
                    </h4>
                    <div class="code-block">
                        &lt;tomcat-users&gt;<br>
                        &nbsp;&nbsp;&lt;role rolename="manager-gui"/&gt;<br>
                        &nbsp;&nbsp;&lt;role rolename="admin-gui"/&gt;<br>
                        &nbsp;&nbsp;&lt;user username="admin" password="strongpassword" roles="manager-gui,admin-gui"/&gt;<br>
                        &lt;/tomcat-users&gt;
                    </div>
                    <p class="text-gray-600 text-sm">Edit the <code class="bg-gray-100 px-1 py-0.5 rounded">conf/tomcat-users.xml</code> file, make sure strong passwords are used, and restrict user privileges.</p>
                    
                    <div class="mt-6 p-4 bg-yellow-50 border-l-4 border-yellow-400">
                        <div class="flex">
                            <div class="flex-shrink-0">
                                <i class="fas fa-exclamation-triangle text-yellow-400"></i>
                            </div>
                            <div class="ml-3">
                                <p class="text-sm text-yellow-700">
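                                    Passwords should contain upper- and lower-case letters, digits and special characters, be at least 12 characters long, and be changed regularly.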
                                </p>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </section>

        <!-- Section 2 -->
        <section class="mb-16">
            <div class="flex items-center mb-8">
                <div class="flex-shrink-0 bg-blue-500 rounded-md p-3 text-white">
                    <i class="fas fa-globe text-xl"></i>
                </div>
                <div class="ml-4">
                    <h2 class="text-3xl font-bold text-gray-800 font-serif">2. Protecting Web Applications</h2>
                    <p class="text-gray-600">Application-level security measures</p>
                </div>
            </div>

            <div class="grid md:grid-cols-2 gap-8">
                <div class="bg-white rounded-xl shadow-md p-6 card-hover">
                    <h3 class="text-xl font-bold mb-4 text-gray-800 flex items-center">
                        <span class="w-8 h-8 bg-blue-100 text-blue-600 rounded-full flex items-center justify-center mr-3">1</span>
                        Configure Web Application Security
                    </h3>
                    
                    <h4 class="font-semibold text-gray-800 mb-2 mt-4 flex items-center">
                        <i class="fas fa-heading text-purple-500 mr-2"></i>
                        Set Security Headers
                    </h4>
                    <div class="code-block">
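                        &lt;filter&gt;<br>
                        &nbsp;&nbsp;&lt;filter-name&gt;SecurityHeaders&lt;/filter-name&gt;<br>
                        &nbsp;&nbsp;&lt;filter-class&gt;org.apache.catalina.filters.HttpHeaderSecurityFilter&lt;/filter-class&gt;<br>
                        &nbsp;&nbsp;&lt;init-param&gt;<br>
                        &nbsp;&nbsp;&nbsp;&nbsp;&lt;!-- Sends X-Content-Type-Options: nosniff --&gt;<br>
                        &nbsp;&nbsp;&nbsp;&nbsp;&lt;param-name&gt;blockContentTypeSniffingEnabled&lt;/param-name&gt;<br>
                        &nbsp;&nbsp;&nbsp;&nbsp;&lt;param-value&gt;true&lt;/param-value&gt;<br>
                        &nbsp;&nbsp;&lt;/init-param&gt;<br>
                        &lt;/filter&gt;<br>
                        &lt;!-- A filter only takes effect once it is mapped to a URL pattern --&gt;<br>
                        &lt;filter-mapping&gt;<br>
                        &nbsp;&nbsp;&lt;filter-name&gt;SecurityHeaders&lt;/filter-name&gt;<br>
                        &nbsp;&nbsp;&lt;url-pattern&gt;/*&lt;/url-pattern&gt;<br>
                        &lt;/filter-mapping&gt;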
                    </div>
                    <p class="text-gray-600 text-sm">Configure security headers in the <code class="bg-gray-100 px-1 py-0.5 rounded">WEB-INF/web.xml</code> file to protect against XSS and Clickjacking attacks.</p>
                    
                    <h4 class="font-semibold text-gray-800 mb-2 mt-4 flex items-center">
                        <i class="fas fa-lock text-green-500 mr-2"></i>
                        Use HTTPS
                    </h4>
                    <div class="code-block">
                        &lt;Connector port="8443" protocol="HTTP/1.1"<br>
                        &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;maxThreads="150" SSLEnabled="true"<br>
                        &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"/&gt;
                    </div>
                    <p class="text-gray-600 text-sm">Enforce HTTPS so that data is encrypted in transit.</p>
                </div>

                <div class="bg-white rounded-xl shadow-md p-6 card-hover">
                    <h3 class="text-xl font-bold mb-4 text-gray-800 flex items-center">
                        <span class="w-8 h-8 bg-blue-100 text-blue-600 rounded-full flex items-center justify-center mr-3">2</span>
                        Authentication and Authorization
                    </h3>
                    
                    <h4 class="font-semibold text-gray-800 mb-2 mt-4 flex items-center">
                        <i class="fas fa-user-shield text-red-500 mr-2"></i>
                        Configure Authentication and Authorization
                    </h4>
                    <div class="code-block">
                        &lt;security-constraint&gt;<br>
                        &nbsp;&nbsp;&lt;web-resource-collection&gt;<br>
                        &nbsp;&nbsp;&nbsp;&nbsp;&lt;web-resource-name&gt;Protected Area&lt;/web-resource-name&gt;<br>
                        &nbsp;&nbsp;&nbsp;&nbsp;&lt;url-pattern&gt;/secure/*&lt;/url-pattern&gt;<br>
                        &nbsp;&nbsp;&lt;/web-resource-collection&gt;<br><br>
                        &nbsp;&nbsp;&lt;auth-constraint&gt;<br>
                        &nbsp;&nbsp;&nbsp;&nbsp;&lt;role-name&gt;admin&lt;/role-name&gt;<br>
                        &nbsp;&nbsp;&lt;/auth-constraint&gt;<br>
                        &lt;/security-constraint&gt;
                    </div>
                    <div class="code-block mt-4">
                        &lt;login-config&gt;<br>
                        &nbsp;&nbsp;&lt;auth-method&gt;BASIC&lt;/auth-method&gt;<br>
                        &nbsp;&nbsp;&lt;realm-name&gt;MyRealm&lt;/realm-name&gt;<br>
                        &lt;/login-config&gt;
                    </div>
                    <p class="text-gray-600 text-sm">Configure the authentication and authorization policy in <code class="bg-gray-100 px-1 py-0.5 rounded">WEB-INF/web.xml</code>.</p>
                </div>
            </div>
        </section>

        <!-- Section 3 -->
        <section class="mb-16">
            <div class="flex items-center mb-8">
                <div class="flex-shrink-0 bg-blue-500 rounded-md p-3 text-white">
                    <i class="fas fa-bug text-xl"></i>
                </div>
                <div class="ml-4">
                    <h2 class="text-3xl font-bold text-gray-800 font-serif">3. Preventing Common Security Vulnerabilities</h2>
                    <p class="text-gray-600">Protective measures against specific attack types</p>
                </div>
            </div>

            <div class="grid md:grid-cols-2 gap-8">
                <div class="bg-white rounded-xl shadow-md p-6 card-hover">
                    <h3 class="text-xl font-bold mb-4 text-gray-800 flex items-center">
                        <span class="w-8 h-8 bg-blue-100 text-blue-600 rounded-full flex items-center justify-center mr-3">1</span>
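                        Prevent SQL Injection
                    </h3>
                    <p class="text-gray-700 mb-4">SQL injection is one of the most common security vulnerabilities and can be effectively prevented with parameterized queries.</p>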
                    
                    <h4 class="font-semibold text-gray-800 mb-2 mt-4 flex items-center">
                        <i class="fas fa-database text-indigo-500 mr-2"></i>
                        Use Prepared Statements
                    </h4>
                    <div class="code-block">
                        String query = "SELECT * FROM users WHERE username = ?";<br>
                        PreparedStatement pstmt = connection.prepareStatement(query);<br>
                        pstmt.setString(1, username);
                    </div>
                    <p class="text-gray-600 text-sm">Avoid inserting user input directly into SQL queries; use prepared statements and parameterized queries.</p>
                </div>

                <div class="bg-white rounded-xl shadow-md p-6 card-hover">
                    <h3 class="text-xl font-bold mb-4 text-gray-800 flex items-center">
                        <span class="w-8 h-8 bg-blue-100 text-blue-600 rounded-full flex items-center justify-center mr-3">2</span>
                        Prevent Cross-Site Scripting (XSS)
                    </h3>
                    <p class="text-gray-700 mb-4">XSS attacks inject malicious scripts that execute in a web page, endangering user data.</p>
                    
                    <h4 class="font-semibold text-gray-800 mb-2 mt-4 flex items-center">
                        <i class="fas fa-code text-orange-500 mr-2"></i>
                        Encode User Input
                    </h4>
                    <div class="code-block">
                        String safeString = StringEscapeUtils.escapeHtml4(userInput);
                    </div>
                    <p class="text-gray-600 text-sm">Use a library or framework to encode user input in order to prevent XSS attacks.</p>
                </div>

                <div class="bg-white rounded-xl shadow-md p-6 card-hover">
                    <h3 class="text-xl font-bold mb-4 text-gray-800 flex items-center">
                        <span class="w-8 h-8 bg-blue-100 text-blue-600 rounded-full flex items-center justify-center mr-3">3</span>
                        Prevent Cross-Site Request Forgery (CSRF)
                    </h3>
                    <p class="text-gray-700 mb-4">CSRF attacks exploit a user's authenticated state to perform unintended actions.</p>
                    
                    <h4 class="font-semibold text-gray-800 mb-2 mt-4 flex items-center">
                        <i class="fas fa-random text-teal-500 mr-2"></i>
                        Use a CSRF Token
                    </h4>
                    <div class="code-block">
                        &lt;input type="hidden" name="csrfToken" value="${csrfToken}" /&gt;
                    </div>
                    <p class="text-gray-600 text-sm">Use a CSRF token in forms to prevent forged requests.</p>
                    
                    <h4 class="font-semibold text-gray-800 mb-2 mt-4 flex items-center">
                        <i class="fas fa-check-circle text-green-500 mr-2"></i>
                        Validate the CSRF Token
                    </h4>
                    <div class="code-block">
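                        String csrfToken = request.getParameter("csrfToken");<br>
                        String expected = (String) session.getAttribute("csrfToken");<br>
                        // Reject a missing token as well as a mismatch (a null parameter would otherwise throw a NullPointerException)<br>
                        if (csrfToken == null || expected == null || !csrfToken.equals(expected)) {<br>
                        &nbsp;&nbsp;throw new InvalidCsrfTokenException("Invalid CSRF token");<br>
                        }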
                    </div>
                    <p class="text-gray-600 text-sm">Validate the CSRF token on the server side.</p>
                </div>

                <div class="bg-white rounded-xl shadow-md p-6 card-hover">
                    <h3 class="text-xl font-bold mb-4 text-gray-800 flex items-center">
                        <span class="w-8 h-8 bg-blue-100 text-blue-600 rounded-full flex items-center justify-center mr-3">4</span>
                        Prevent Clickjacking
                    </h3>
                    <p class="text-gray-700 mb-4">Clickjacking uses a transparent layer to trick users into clicking hidden elements.</p>
                    
                    <h4 class="font-semibold text-gray-800 mb-2 mt-4 flex items-center">
                        <i class="fas fa-mouse-pointer text-pink-500 mr-2"></i>
                        Configure the HTTP Response Header
                    </h4>
                    <div class="code-block">
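                        &lt;filter&gt;<br>
                        &nbsp;&nbsp;&lt;filter-name&gt;ClickjackingFilter&lt;/filter-name&gt;<br>
                        &nbsp;&nbsp;&lt;filter-class&gt;org.apache.catalina.filters.HttpHeaderSecurityFilter&lt;/filter-class&gt;<br>
                        &nbsp;&nbsp;&lt;init-param&gt;<br>
                        &nbsp;&nbsp;&nbsp;&nbsp;&lt;!-- Sends X-Frame-Options: DENY --&gt;<br>
                        &nbsp;&nbsp;&nbsp;&nbsp;&lt;param-name&gt;antiClickJackingOption&lt;/param-name&gt;<br>
                        &nbsp;&nbsp;&nbsp;&nbsp;&lt;param-value&gt;DENY&lt;/param-value&gt;<br>
                        &nbsp;&nbsp;&lt;/init-param&gt;<br>
                        &lt;/filter&gt;<br>
                        &lt;!-- A filter only takes effect once it is mapped to a URL pattern --&gt;<br>
                        &lt;filter-mapping&gt;<br>
                        &nbsp;&nbsp;&lt;filter-name&gt;ClickjackingFilter&lt;/filter-name&gt;<br>
                        &nbsp;&nbsp;&lt;url-pattern&gt;/*&lt;/url-pattern&gt;<br>
                        &lt;/filter-mapping&gt;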
                    </div>
                    <p class="text-gray-600 text-sm">Use the <code class="bg-gray-100 px-1 py-0.5 rounded">X-Frame-Options</code> response header to prevent the page from being embedded in an iframe.</p>
                </div>
            </div>
        </section>

        <!-- Section 4 & 5 -->
        <section class="mb-16">
            <div class="grid md:grid-cols-2 gap-8">
                <div class="bg-white rounded-xl shadow-md p-6 card-hover">
                    <div class="flex items-center mb-6">
                        <div class="flex-shrink-0 bg-blue-500 rounded-md p-3 text-white">
                            <i class="fas fa-chart-line text-xl"></i>
                        </div>
                        <div class="ml-4">
                            <h2 class="text-2xl font-bold text-gray-800 font-serif">4. Monitoring and Auditing</h2>
                            <p class="text-gray-600">Continuous monitoring and log analysis</p>
                        </div>
                    </div>
                    
                    <h3 class="text-lg font-semibold text-gray-800 mb-2 flex items-center">
                        <i class="fas fa-clipboard-list text-blue-500 mr-2"></i>
                        Configure Access Logs
                    </h3>
                    <div class="code-block">
                        &lt;Valve className="org.apache.catalina.valves.AccessLogValve"<br>
                        &nbsp;&nbsp;&nbsp;&nbsp;directory="logs" prefix="localhost_access_log." suffix=".txt"<br>
                        &nbsp;&nbsp;&nbsp;&nbsp;pattern="%h %l %u %t &amp;quot;%r&amp;quot; %s %b" /&gt;
                    </div>
                    <p class="text-gray-600 text-sm">Configure access logs to record all request and response information.</p>
                    
                    <h3 class="text-lg font-semibold text-gray-800 mb-2 mt-4 flex items-center">
                        <i class="fas fa-exclamation-triangle text-red-500 mr-2"></i>
                        Configure Exception Logs
                    </h3>
                    <div class="code-block">
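                        &lt;!-- The Logger element is recognised only by Tomcat 5.0 and earlier; current versions configure logging in conf/logging.properties --&gt;<br>
                        &lt;Logger className="org.apache.catalina.logger.FileLogger"<br>
                        &nbsp;&nbsp;&nbsp;&nbsp;prefix="catalina_log." suffix=".log" /&gt;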
                    </div>
                    <p class="text-gray-600 text-sm">Monitor the exception logs to spot potential security problems promptly.</p>
                </div>

                <div class="bg-white rounded-xl shadow-md p-6 card-hover">
                    <div class="flex items-center mb-6">
                        <div class="flex-shrink-0 bg-blue-500 rounded-md p-3 text-white">
                            <i class="fas fa-sync-alt text-xl"></i>
                        </div>
                        <div class="ml-4">
                            <h2 class="text-2xl font-bold text-gray-800 font-serif">5. Regular Updates and Maintenance</h2>
                            <p class="text-gray-600">Long-term security maintenance strategy</p>
                        </div>
                    </div>
                    
                    <h3 class="text-lg font-semibold text-gray-800 mb-4 flex items-center">
                        <i class="fas fa-arrow-up text-green-500 mr-2"></i>
                        Keep Tomcat Up to Date
                    </h3>
                    <p class="text-gray-700 mb-4">Regularly update Tomcat to the latest version to fix known security vulnerabilities.</p>
                    
                    <div class="flex items-start">
                        <div class="flex-shrink-0 mt-1">
                            <i class="fas fa-info-circle text-blue-500"></i>
                        </div>
                        <div class="ml-3">
                            <p class="text-sm text-gray-600">
                                Subscribe to the Tomcat security announcements to stay informed about newly discovered vulnerabilities and patches.
                            </p>
                        </div>
                    </div>
                    
                    <h3 class="text-lg font-semibold text-gray-800 mb-4 mt-6 flex items-center">
                        <i class="fas fa-search text-purple-500 mr-2"></i>
                        Regular Audits and Testing
                    </h3>
                    <p class="text-gray-700">Carry out regular security audits and penetration tests to ensure the security of applications and servers.</p>
                    
                    <div class="mt-6 bg-blue-50 rounded-lg p-4">
                        <h4 class="font-medium text-blue-800 mb-2">Recommended security testing tools:</h4>
                        <ul class="list-disc list-inside text-sm text-blue-700 space-y-1">
                            <li>OWASP ZAP - web application security scanner</li>
                            <li>Burp Suite - penetration testing tool</li>
                            <li>Nessus - vulnerability scanner</li>
                            <li>Nikto - web server scanner</li>
                        </ul>
                    </div>
                </div>
            </div>
        </section>

        <!-- Summary -->
        <section class="bg-white rounded-xl shadow-md overflow-hidden mb-16">
            <div class="p-6 bg-blue-50 border-b border-blue-200">
                <h2 class="text-2xl font-bold text-gray-800 font-serif">Summary of Key Security Configuration Points</h2>
            </div>
            <div class="p-6">
                <div class="grid md:grid-cols-3 gap-6">
                    <div class="flex items-start">
                        <div class="flex-shrink-0 h-10 w-10 rounded-full bg-blue-100 flex items-center justify-center">
                            <i class="fas fa-cog text-blue-500"></i>
                        </div>
                        <div class="ml-4">
                            <h3 class="text-lg font-medium text-gray-800">Baseline Hardening</h3>
                            <p class="mt-1 text-sm text-gray-600">Change default settings, disable unnecessary features, and use a strong password policy.</p>
                        </div>
                    </div>
                    <div class="flex items-start">
                        <div class="flex-shrink-0 h-10 w-10 rounded-full bg-purple-100 flex items-center justify-center">
                            <i class="fas fa-shield-alt text-purple-500"></i>
                        </div>
                        <div class="ml-4">
                            <h3 class="text-lg font-medium text-gray-800">Application Protection</h3>
                            <p class="mt-1 text-sm text-gray-600">Enable HTTPS, configure security headers, and implement sound authentication and authorization.</p>
                        </div>
                    </div>
                    <div class="flex items-start">
                        <div class="flex-shrink-0 h-10 w-10 rounded-full bg-green-100 flex items-center justify-center">
                            <i class="fas fa-bug text-green-500"></i>
                        </div>
                        <div class="ml-4">
                            <h3 class="text-lg font-medium text-gray-800">Vulnerability Protection</h3>
                            <p class="mt-1 text-sm text-gray-600">Guard against common web attacks such as SQL injection, XSS and CSRF.</p>
                        </div>
                    </div>
                    <div class="flex items-start">
                        <div class="flex-shrink-0 h-10 w-10 rounded-full bg-yellow-100 flex items-center justify-center">
                            <i class="fas fa-eye text-yellow-500"></i>
                        </div>
                        <div class="ml-4">
                            <h3 class="text-lg font-medium text-gray-800">Monitoring and Auditing</h3>
                            <p class="mt-1 text-sm text-gray-600">Record access logs, monitor abnormal behavior, and detect security problems promptly.</p>
                        </div>
                    </div>
                    <div class="flex items-start">
                        <div class="flex-shrink-0 h-10 w-10 rounded-full bg-red-100 flex items-center justify-center">
                            <i class="fas fa-sync-alt text-red-500"></i>
                        </div>
                        <div class="ml-4">
                            <h3 class="text-lg font-medium text-gray-800">Ongoing Maintenance</h3>
                            <p class="mt-1 text-sm text-gray-600">Update versions regularly, run security tests, and keep the system in a secure state.</p>
                        </div>
                    </div>
                    <div class="flex items-start">
                        <div class="flex-shrink-0 h-10 w-10 rounded-full bg-indigo-100 flex items-center justify-center">
                            <i class="fas fa-lightbulb text-indigo-500"></i>
                        </div>
                        <div class="ml-4">
                            <h3 class="text-lg font-medium text-gray-800">Security Awareness</h3>
                            <p class="mt-1 text-sm text-gray-600">Build security awareness, establish a secure development process, and guard against human-factor risks.</p>
                        </div>
                    </div>
                </div>
            </div>
        </section>
    </main>

    <!-- Footer -->
    <footer class="bg-gray-900 text-white py-12 px-6">
        <div class="max-w-5xl mx-auto">
            <div class="flex flex-col md:flex-row justify-between items-center">
                <div class="mb-6 md:mb-0">
                    <h3 class="text-xl font-bold">技术小馆</h3>
                    <p class="text-gray-400 mt-2">Professional technical knowledge and hands-on practice, shared</p>
                </div>
                <div>
                    <a href="http://www.yuque.com/jtostring" class="text-blue-400 hover:text-blue-300 transition-colors duration-200 flex items-center">
                        <i class="fas fa-external-link-alt mr-2"></i>
                        http://www.yuque.com/jtostring
                    </a>
                </div>
            </div>
            <div class="border-t border-gray-800 mt-8 pt-8 text-sm text-gray-500 text-center">
                &copy; 2023 技术小馆. All rights reserved.
            </div>
        </div>
    </footer>

    <!-- Mermaid JS -->
    <script src="https://cdn.jsdelivr.net/npm/mermaid@latest/dist/mermaid.min.js"></script>
    <script>
        mermaid.initialize({
            startOnLoad: true,
            theme: 'default',
            flowchart: {
                useMaxWidth: true,
                htmlLabels: true
            },
            mindmap: {
                useMaxWidth: true,
                htmlLabels: true
            }
        });
    </script>
</body>
</html>
```
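
Section 4 of the page configures the access log with the pattern `%h %l %u %t "%r" %s %b` and asks for abnormal behavior to be monitored. The following is an added example, not code from the original page: a parser for that exact line layout plus a detector for repeated 401/403 responses on the `/manager` and `/host-manager` applications from section 1. The threshold, the function names and the log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Line layout produced by the page's pattern: %h %l %u %t "%r" %s %b
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
ADMIN_APPS = ("/manager", "/host-manager")


def parse_line(line):
    """Parse one access-log line into a dict; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    parts = rec["request"].split(" ")
    # %r is "METHOD URI PROTOCOL"; anything else is a malformed request line
    rec["path"] = parts[1].split("?", 1)[0] if len(parts) == 3 else ""
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])  # %b logs "-" for 0 bytes
    return rec


def is_admin_path(path):
    """True for the management apps themselves, not for look-alikes such as /managerial."""
    return any(path == app or path.startswith(app + "/") for app in ADMIN_APPS)


def analyze(lines, threshold=3):
    """Flag clients with repeated 401/403 responses on the management apps."""
    failures = Counter()
    success_after_failures = []  # authenticated 2xx that follows a burst of failures
    unparsed = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1  # count unparseable lines instead of dropping them silently
            continue
        if not is_admin_path(rec["path"]):
            continue
        host = rec["host"]
        if rec["status"] in (401, 403):
            failures[host] += 1
        elif (200 <= rec["status"] < 300 and rec["user"] != "-"
              and failures[host] >= threshold):
            success_after_failures.append((host, rec["user"], rec["path"]))
    flagged = {h: n for h, n in failures.items() if n >= threshold}
    return {"flagged": flagged,
            "success_after_failures": success_after_failures,
            "unparsed": unparsed}


# Constructed sample log lines (documentation address ranges, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2024:10:00:01 +0800] "GET /manager/html HTTP/1.1" 401 2473',
    '192.0.2.10 - - [12/Mar/2024:10:00:02 +0800] "GET /manager/html HTTP/1.1" 401 2473',
    '192.0.2.10 - - [12/Mar/2024:10:00:03 +0800] "GET /manager/html HTTP/1.1" 401 2473',
    '192.0.2.10 - admin [12/Mar/2024:10:00:04 +0800] "GET /manager/html HTTP/1.1" 200 17652',
    '198.51.100.7 - - [12/Mar/2024:10:01:00 +0800] "GET /index.jsp HTTP/1.1" 200 1024',
    '198.51.100.7 - - [12/Mar/2024:10:01:05 +0800] "GET /host-manager/html HTTP/1.1" 403 3022',
    '198.51.100.7 - - [12/Mar/2024:10:01:09 +0800] "GET /secure/report?id=7 HTTP/1.1" 304 -',
    'garbage line',
]

if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for host, count in report["flagged"].items():
        print(f"ALERT {host}: {count} failed requests to the management apps")
    for host, user, path in report["success_after_failures"]:
        print(f"ALERT {host}: login as {user} on {path} after repeated failures")
    print("unparsed lines:", report["unparsed"])
```

A successful authenticated request that follows a run of failures from the same client is reported separately, because it is the case that most needs follow-up.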
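
The baseline settings from sections 1, 2 and 4 can be checked mechanically. The following is an added example, not code from the original page: a small audit over `tomcat-users.xml`, `server.xml` and `web.xml` that applies the page's own password rule, looks for the default port, a TLS connector and an `AccessLogValve`, and checks that Tomcat's `HttpHeaderSecurityFilter` is mapped and that each `security-constraint` requires the `CONFIDENTIAL` transport guarantee. Function names, finding texts and the sample files are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ADMIN_ROLES = {"manager-gui", "manager-script", "admin-gui", "admin-script"}
HEADER_FILTER = "org.apache.catalina.filters.HttpHeaderSecurityFilter"
ACCESS_LOG = "org.apache.catalina.valves.AccessLogValve"


def _name(el):
    """Element name without XML namespace: '{ns}filter' -> 'filter'."""
    return el.tag.rsplit("}", 1)[-1]


def _elements(xml_text, name):
    return [e for e in ET.fromstring(xml_text).iter() if _name(e) == name]


def _child_text(el, name):
    return next(((c.text or "").strip() for c in el if _name(c) == name), None)


def weak_password(pw):
    """Policy stated on the page: 12+ chars with upper, lower, digit, special."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(pw) < 12 or not all(re.search(c, pw) for c in classes)


def audit_users(xml_text):
    """tomcat-users.xml: management roles must not sit behind a weak password."""
    findings = []
    for user in _elements(xml_text, "user"):
        roles = {r.strip() for r in user.get("roles", "").split(",")}
        if roles & ADMIN_ROLES and weak_password(user.get("password", "")):
            findings.append("weak password on admin user " + user.get("username", "?"))
    return findings


def audit_server(xml_text):
    """server.xml: default port, missing TLS connector, missing access log."""
    findings = []
    connectors = _elements(xml_text, "Connector")
    if any(c.get("port") == "8080" for c in connectors):
        findings.append("connector on default port 8080")
    if not any(c.get("SSLEnabled", "").lower() == "true" for c in connectors):
        findings.append("no TLS connector")
    if ACCESS_LOG not in {v.get("className") for v in _elements(xml_text, "Valve")}:
        findings.append("no AccessLogValve")
    return findings


def audit_web(xml_text):
    """web.xml: header filter must be mapped; constraints must require TLS."""
    findings = []
    declared = {_child_text(f, "filter-name") for f in _elements(xml_text, "filter")
                if _child_text(f, "filter-class") == HEADER_FILTER}
    mapped = {_child_text(m, "filter-name") for m in _elements(xml_text, "filter-mapping")}
    if not declared:
        findings.append("HttpHeaderSecurityFilter not declared")
    elif not declared & mapped:
        findings.append("HttpHeaderSecurityFilter has no filter-mapping")
    for sc in _elements(xml_text, "security-constraint"):
        guarantees = {(g.text or "").strip() for g in sc.iter()
                      if _name(g) == "transport-guarantee"}
        if "CONFIDENTIAL" not in guarantees:
            findings.append("security-constraint allows plain HTTP")
    return findings


# Constructed sample inputs (not from a real server); the password is the page's example
SAMPLE_USERS = """<tomcat-users>
  <user username="admin" password="strongpassword" roles="manager-gui,admin-gui"/>
</tomcat-users>"""
SAMPLE_SERVER = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
</Service></Server>"""
SAMPLE_WEB = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <filter><filter-name>SecurityHeaders</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class></filter>
  <security-constraint>
    <web-resource-collection><url-pattern>/secure/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

if __name__ == "__main__":
    for f in audit_users(SAMPLE_USERS) + audit_server(SAMPLE_SERVER) + audit_web(SAMPLE_WEB):
        print("FINDING:", f)
```

The page's own sample password `strongpassword` is reported as weak, since it has no upper-case letter, digit or special character.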